I am setting up a two-tier Logstash setup for our customers.
On-premises servers running syslog and beats will connect to 1 or more on-premises Logstash servers, which will be running syslog and beats pipelines configured using the lumberjack output plugin to forward the events to cloud-based Logstash servers hosted in AWS.
I have this working and both syslog and beat events are arriving at the AWS hosted Logstash servers and being written out to S3 as desired.
However, I would like to add fields to the events as they pass through the on-premises Logstash servers to record the details of the Logstash server they pass through, the equivalent of an X-Forwarded-For header a HTTP proxy server adds.
I am unable to find any variables/fields that contain details of the Logstash server itself.
The environment variable $HOSTNAME contains the hostname of the Logstash server but it would be good to get its FQDN and IP address included also.
Anyone done anything like this before?
Anyone have any ideas?